U.S. Department of the Interior 
PRIVACY IMPACT ASSESSMENT 





Introduction 


The Department of the Interior requires PIAs to be conducted and maintained on all IT systems whether already 
in existence, in development or undergoing modification in order to adequately evaluate privacy risks, ensure 
the protection of privacy information, and consider privacy implications throughout the information system 
development life cycle. This PIA form may not be modified and must be completed electronically; hand- 
written submissions will not be accepted. See the DOI PIA Guide for additional guidance on conducting a PIA 
or meeting the requirements of the E-Government Act of 2002. See Section 6.0 of the DOI PIA Guide for 
specific guidance on answering the questions in this form. 


NOTE: See Section 7.0 of the DOI PIA Guide for guidance on using the DOI Adapted PIA template to assess 
third-party websites or applications. 


Name of Project: Financial Business Management System (FBMS) — Cloud 
Bureau/Office: Office of the Secretary 

Date: February 5, 2020 

Point of Contact: 

Name: Danna Mingo 

Title: OS Associate Privacy Officer 

Email: Danna_Mingo @ios.doi.gov 

Phone: 202-208-3368 

Address: 1849 C Street NW, Mail Stop 7112 MIB, Washington, DC 20240 


Section 1. General System Information 


A. Isa full PIA required? 
Xl Yes, information is collected from or maintained on 
O Members of the general public 
L] Federal personnel and/or Federal contractors 


O Volunteers 
All 


O No: Information is NOT collected, maintained, or used that is identifiable to the individual in this 
system. Only sections I and 5 of this form are required to be completed. 


B. What is the purpose of the system? 


The Financial and Business Management System (FBMS) is an enterprise-wide financial management 
system that consolidates the majority of the Department of the Interior’s (DOI) business and financial 
management functions. FBMS has been fully implemented for all Bureaus, and fully migrated to a 
cloud hosted infrastructure (VirtuStream Federal Cloud (VFC) Facility). 


DOL is using an integrated suite of software applications to implement FBMS as a comprehensive 
approach to improving current business functions. The FBMS is comprised of several commercial off- 
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the-shelf (COTS) packages and is designed to incorporate the majority of the financial management 
functions within DOI into one solution. Fully deployed, FBMS eliminates over 80 DOI and bureau 
systems, enabling the alignment of a business management system with the DOI’s strategy of 
modernization, integration, accountability, and the creation of customer value. 


FBMS supports Federal government general ledger management, funds management, payment 
management, receivable management, and cost management. It provides detailed transaction 
information necessary to comply with bureau, department, Treasury, OMB, and Federal Accounting 
Standards Advisory Board (FASAB), FAR (Federal Acquisition Regulation), and DIAR (Department of 
the Interior Acquisition Regulations) requirements. 


FBMS provides critical financial reporting, budgetary status, and program information to agency 
managers. It provides effective internal controls. It supports a large number of DOI projects by tracking 
costs, linking project costs to reimbursable agreements, and generating customer billings. 


FBMS also supports annual, multi-year, and no-year funding for many different sources of funding such 
as appropriated, franchise, reimbursable, revolving, available receipts, unavailable receipts, special/trust 
receipts, contract authority, and loan authority. 


FBMS integrates Core Financials with numerous other business processes and other functional areas 
such as budget formulation, acquisition, real property, personal property and fleet management, financial 
assistance, travel, and permanent change of station. Major interfaces exist with the DOI’s Federal 
Personnel Payroll System (FPPS) and DOI’s Charge Card provider, both of which include detailed 
transaction cost allocation functionality. Core Financials also has interfaces with additional bureau 
tracking systems. Systems, Applications & Products in Data Processing (SAP) Open Catalog Interface 
(OCI) is the technical and functional standard used by SAP and its suppliers to communicate shopping 
cart information. FBMS uses OCI as the standard for interfacing with suppliers for catalogs. 


The Executive Management Information Systems (EMIS) provides all employees Analytical capabilities 
and information on how their work contributes to the Department’s overall strategic direction, and will 
enable analysis of how the Department can improve on service delivery or program effectiveness. The 
detail needed to make the information useful will vary depending on the management purpose, but the 
EMIS Analytic tools enables the same data to be used at Department, Bureau, and field levels without 
making additional data inquiries. The EMIS warehouses data hosts from a variety of Department, 
Bureau, and field level sources, and makes this data available to all DOI employees with FBMS 

access. Information can be summarized at the Departmental or Bureau levels for senior leadership or 
viewed at the transaction level if needed for detailed analysis by managers and employees. 


To support the Analytic reporting requirements of FBMS, Business Integration Office (BIO) 
implemented SAP Businessobjects and Tableau Client, which provides analytic and visualization 
capabilities against the current Business Warehouse data and creates graphs, charts, and visualizations 
based on the data provided. SAP Businessobjects and Tableau Server are browser-based tools with role 
based access controls that provide for the separation of both users and content. Within the FBMS 
Tableau tool individual permissions can be set for projects, dashboards, or any shared object. Tableau’s 
new Web Data connect functionality will allow automatic updating between the Tableau server and the 
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BobJ Webi report data. Users will no longer have to manually upload updated WEBi reports to update 
visualization reports. 


The FBMS solution will be used by over 70% of DOI employees; it will affect all employees and 
operations. The solution provides the capability to balance financial and business management workload 
across DOI. These objectives are met through FBMS by providing eight functional areas. Users can 
perform a wide variety of business functions in the following general business areas; 


e Core Financials: Core Financials is the backbone for FBMS. It supports many of the system’s 
central accounting tasks and provides common processing routines and common data for many of 
the system’s financial management functions. 


e Acquisition: Acquisition supports the process of obtaining goods and services, including tracking 
the status of requisitions, purchase orders, and contracts; recording and validating the receipt of 
goods and services; and providing information needed to match invoices and issue payments. 


e Travel: Travel is used for the financial management of the Department’s travel and transportation 
activities. 


e Financial Assistance: Financial Assistance is used to manage grants and subsidies to state and local 
governments, other organizations, or individuals. 


e Personal Property and Fleet Management: Personal Property and Fleet Management provides 
physical and accounting control over the Department’s personal property. 


e Real Property: Real Property provides the information necessary to develop and implement 
improvements for Department owned land, buildings, structures, and facilities. 


e Budget Formulation and Planning: The Budget Formulation function encompasses formulation of 
program, enterprise and department-wide level budget formulation requirements. The function 
supports budget development, advocacy, internal/external reporting, and full cost budgeting and 
Management. 


e Enterprise Management Information: The Enterprise Management Information Function 
supports collecting and retrieving current and historical financial, program, and related performance 
data for analysis, decision making, and performance reporting by managers at all levels. 


The EMIS node represents the reporting and business warehouse functions within FBMS. This 
functionality is a combination of my SAP BW application, my SAP Portal, and canned reports delivered 
within the package applications. For them SAP’s Business Information Warehouse (BW) provides a 
complete information solution. BW is the central component in the SAP suite of applications with an 
added advantage of being a software package that can be used in both SAP and non-SAP environments. 
This system approach consolidates the external and internal sources of data into a single repository. 
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Master Data Governance (MDG) Tool: The Master Data Governance (MDG) tool will provide DOI 
users with the ability to improve transaction level reporting based on grouping of the master data. MDG 
will also enhance master data maintenance utilizing automated processed, including workflow and 
notifications to improve creation, changes and auditability of master data. The MDG will allow the 
bureaus to group different master data together to improve reporting. 


The MDG objects functionality will include Application of Funds (AoF), Fund, Functional Area, WBS 
Element, Funded Program, Funds Center, Cost Center, AoF and Fund Rollover, and 
Hierarchies/Grouping. The Fund and Application of Funds (AOF) (including rollover functionality) has 
been implemented across all the bureaus. The POB is available with the remaining master data objects. 


Business Warehouse Reporting: The BW provides management reporting, including non-SAP data 
sources into reports. This independent data warehouse solution summarizes data from ECC applications 
and external sources to provide executive information for supporting decision making and planning. 
Reports cover a wide range of information requirements, automated data staging, and standard ECC 
business process models. SAP BW supports the complete data warehousing process, from data 
integration, data transformation, consolidation, and cleansing to data provision for analysis. 


Enterprise Resource Planning (ERP) Central Component (ECC): The FBMS Business Integration 
Office (BIO) upgraded ECC to SuiteOnHana (SOH) implemented in FBMS-Cloud environment to 
maintain technical currency including upgrading to the latest enhancement pack (Ehp8) and Enterprise 
Resource Planning (ERP) Central Component (ECC) Unicode conversion, while improving user 
experience by migrating the SAP ECC system from an Oracle Database to a HANA Database. 


1099 Reporting: FBMS BIO uses the 1099PRO Reporting tool for reporting to Internal Revenue 
Service (IRS) payments made to vendors deemed taxable by IRS guidance. These services include 
electronic filing, printing and mailing of vendor 1099s and acts as a service bureau for preparers wanting 
to outsource the submission and distribution process for their IRS forms filing. 


. What is the legal authority? 


Chapter 1 of Title 48, CFR Chapter 1 (Federal Acquisition Regulations); 5 U.S.C. 5514, 5701 et seq.; 26 
U.S.C. 6402; 31 U.S.C. 3511 and 3512, 3701, 3702, 3711; 40 U.S.C. 483; Public Law 106-107, and 41 
CFR 300-304. 


. Why is this PIA being completed or modified? 


O New Information System 

O New Electronic Collection 

X Existing Information System under Periodic Review 
L Merging of Systems 

O Significantly Modified Information System 

L Conversion from Paper to Electronic Records 

O Retiring or Decommissioning a System 
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L] Other: Describe 

. Is this information system registered in CSAM? 

The completed PIA, associated system of records notice(s), and any other supporting artifacts must be 
entered into the CSAM system for each registered system or application. 


XJ Yes: Enter the UII Code and the System Security Plan (SSP) Name 


010-00-01-01-01-1127-24; System Security Plan (SSP) for Financial and Business Management System 
Cloud 


O No 


. List all minor applications or subsystems that are hosted on this system and covered under this 
privacy impact assessment. 











Subsystem Name Purpose Contains PII Describe 
(Yes/No) If Yes, provide a 
description. 
FBMS-CSE Internal interconnected No N/A 


environment providing a 
collection of tools that 
support items in FBMS- 
Cloud 

















. Does this information system or electronic collection require a published Privacy Act System of 
Records Notice (SORN)? 


XYes: List Privacy Act SORN Identifier(s) 


Records in FBMS are maintained under DOI system of records notices including: 

Interior, DOI—86: Financial and Business Management System (FBMS) — Accounts Receivable; 
Interior, DOI—87: Financial and Business Management System (FBMS) — Acquisition of Goods and 
Services; Interior, DOI-88: Financial and Business Management System (FBMS) — Travel Management 
Records; Interior, DOI—89: Financial and Business Management System (FBMS) — Grants and 
Cooperative Agreements 


L] No 
. Does this information system or electronic collection require an OMB Control Number? 


O Yes: Describe 
No 
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Section 2. Summary of System Data 


A. What PII will be collected? Indicate all that apply. 












































XName O Religious Preference ÈI Social Security Number (SSN) 
O Citizenship O Security Clearance X Personal Cell Telephone Number 
Xx] Gender O Spouse Information Tribal or Other ID Number 
Birth Date O Financial Information Personal Email Address 

CL] Group Affiliation O Medical Information CL) Mother’s Maiden Name 

CL] Marital Status O Disability Information Xx]Home Telephone Number 

O Biometrics XICredit Card Number O Child or Dependent Information 
O Other Names Used O Law Enforcement X/Employment Information 

XI Truncated SSN O Education Information O Military Status/Service 

C Legal Status L] Emergency Contact x] Mailing/Home Address 

O Place of Birth O Driver’s License O Race/Ethnicity 


XJOther: Specify the PII collected. 
Vendor DUNS Number; Employee Identification Number (EID) 


B. What is the source for the PII collected? Indicate all that apply. 





X 


Xl Individual 
x] Federal agency 











O Tribal agency 

O Local agency 
IDOI records 
x|Third party source 








O State agency 
Other: Describe 











DOI Records 

FPPS 

The Federal Personnel and Payroll System (FPPS) provides labor cost accounting data to FBMS viaa 
labor interface. 


The following provides an overview of external system interfaces and describes any data inbound to 
FBMS. 


Federal Agencies 
U.S. Department of Health and Human Services (HHS) 
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Grants.Gov - Grants.Gov sends data into the FBMS Financial Assistance component. The Grants.Gov 
data includes DOI grant application forms and supporting materials that provide additional information 
on how the applicant intends to spend grant funds, schedules, diagrams, pictures, etc. The grantee 
reported expenditures information used to obligate grant funding can include grantee name, 
vendor/DUNS/Social Security number, address, and bank account number. 


U.S. General Service Administration (GSA) 


Mileage Express - The Mileage Express interface is only an outbound interface, with FBMS providing, 
on a monthly basis, mileage utilization data on GSA provided vehicles to GSA’s Mileage Express 
system. 


Central Contractor Registration (CCR) - CCR feeds data into the FBMS Core Financials component to 
ensure FBMS uses a common vendor identifier. The CCR vendor data includes vendor name, bank 
address, and DUNS/TINS numbers. 


Motor Pool Charges - The Motor Pool Charges interface from GSA to FBMS provides a monthly file of 
GSA motor pool utilization and repair charges, which are posted into FBMS (reversing the utilization 
accruals). 


GSAXcess - The interconnection between GSAXcess.gov and FBMS-Cloud is bidirectional. The 
information follows primarily from the Agency system to GSAXcess.gov. The interconnection is to 
facilitate real time property data, image, and documentation reporting to the GSAXcess.gov. 


U.S. Department of Treasury 


Automated Standard Application for Payments (ASAP) - FBMS provides grants payment data to the 
ASAP system at Treasury to request payments to grant recipients. 


GOALS - Government Online Accounting Link System (GOALS) is a collection of applications that 
allows Treasury to collect data from and disseminate reports to the Federal Program Agencies. 


SPS (Secure Payment System) - This is an outbound interface from FBMS to Treasury’s SPS to request 
payments on DOI’s behalf. 


The Internet Payment Platform (IPP) - A secure web-based electronic invoicing and payment 
information system provided by the Department of the Treasury’s Financial Management Service. The 
IPP allows Federal agencies to transform their existing paper-based order-to-pay processes into a 
streamlined electronic flow. Federal agencies use the IPP to send electronic purchase orders (POs) to 
suppliers, to receive electronic invoices from suppliers, and for invoice routing and approval workflow. 
The IPP uploads payment remittance information from the Treasury and non-Treasury disbursed 
agencies, allowing agencies and their suppliers to view and download payment information. 


Intra Governmental Payments and Collections (IPAC) - Federal Agencies use the IPAC (Intra 
Governmental Payments and Collections) system to pay for goods and services provided by other 
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federal agencies. The inbound IPAC enhancement is intended to provide the ability to record outgoing 
cash transactions in the system to correspond to cash already debited / credited by Treasury. 


Pay Gov - The Treasury Web Application Infrastructure (TWAD provides a multi-tiered World Wide 
Web (Web) interface and common services within a robust infrastructure for multiple Treasury 
applications. The applications servers use database and other resources in Zone 3, as needed. 
Application-specific (Pay.Gov, for example) processing and storage components are generally in Zone 
3, as objects requiring the protection of the deepest zone. 


DataBase Management System (DBMS) - The TWALI is a secure infrastructure with Internet and 
dedicated telecommunications connectivity. The DBMS provides support to the TWAI environment 
which includes web servers driven by login residing on an application server. 


Third Party 
CitiBank SmartPay3 - The “Smart Card” credit card vendor (CitiBank) provides detailed charge card 
expenses to FBMS. 


Concur Travel System (CGTS) - Additional travel expenses data will come into the FBMS system to 
support employee expense voucher processing and payment. 


CompuSearch (Fed-Connect) - Federal vendors enter their invoices through the GovPay web portal site. 
For DOI bureaus supported by FBMS, Fed-Connect then transmits these invoices to FBMS for 
processing. 


1099PRO - 1099PRO Reporting tool will be used for reporting to the IRS payments made to vendors 
deemed taxable by IRS guidance. The services include electronic filing, printing and mailing of vendor 
1099s and acts as a service bureau for preparers wanting to outsource the submission and distribution 
process for their IRS forms filing. 


SAP Public Services (SAP) - This interconnection is between the SAP and DOI, Office of the Chief 
Information Officer (OCIO) networks for the purpose of providing system users, located within SAP, 
access to the Office of the Secretary (OS)/Business Integration Office (BIO) based applications. This 
Agreement contains available communications protocols, data transfer capabilities, specific 
communications hardware, and encryption requirements to establish a secure connection to DOI. 


UNISYS - Interconnection between UNISYS and DOI/OCIO networks provides system users, located 
within UNISYS, access to OS/BIO based applications. This agreement also covers connections made by 
application systems located within the UNISYS network utilizing service accounts to transfer data 
through system-level interfaces. 


GrantSolutions - DOI and GrantSolutions interface is between the GrantSolutions Grants Management 
Module (GMM) and DOI’s SAP-based FBMS financial system. The interface will align with DOI grants 
business process for financial assistance awards. 
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In summary, during the Operations and Maintenance phase, data will continue to come into the FBMS 
system from various areas within DOI. A few of the areas are eGov Travel, Fed-Connect for vendor 
invoices, CCR Vendor master data, Coal Fee Collection and Management System (CFCMS) and CBS 
invoices, and acquisition and accounting generated paperwork. 


On an ongoing basis, the Financial Assistance module of FBMS will use data coming from paperwork 


generated during the grant processing, grant applications received online from grants.gov website, and 
data entered directly into FBMS on-line. 


. How will the information be collected? Indicate all that apply. 





Paper Format 

XJEmail 

O Face-to-Face Contact 

O Web site 

L] Fax 

O Telephone Interview 

Information Shared Between Systems 
XlOther: Describe 























Data may be manually entered into the FBMS by authorized personnel at respective Offices and 
Bureaus. 


. What is the intended use of the PII collected? 


The primary use of the PII collected is to maintain accounting and financial information associated with 
the acquisition of goods and services, processing of travel authorizations and pay travel claims, billing 
debtors for amounts owed to DOI and follow-up on unpaid debts, and to award and manage grant and 
cooperative agreement awards. 


. With whom will the PII be shared, both within DOI and outside DOI? Indicate all that apply. 
X Within the Bureau/Office: Describe the bureau/office and how the data will be used. 


FBMS is an enterprise wide application centrally managed by the DOI Business Integration Office. 
Each DOI Bureau/Office has assigned Account Controllers and other administrators that grant access to 
employees who have a need to know in order to perform their official duties. Each Bureau/Office only 
has access to its own information. Users access FBMS via the FBMS Portal. FBMS Transnational 
access 1s restricted only to users who have been granted authorized access. 


FBMS Suite of reporting tools which includes the Business Warehouse (BW), SAP 
Businessobjects Web Intelligence (WEBI), SAP Business Objects OLAP for Analysis and Tableau 
Client/Server. The Businessobjects and Tableau Analytical tools will be used to extract existing data 
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from FBMS SAP Business warehouse via Reports. This report data can be used to create data 
visualizations using aggregate, summary level, or detailed data. The output of the analytical tools can be 
shared via the tools themselves, shared drives (google drive, SharePoint etc), email, and other DOI 
security approved data sharing methods. FBMS end users use this approach to share FBMS data, some 
of which may be sensitive information and/or PII. End users and report developers who have access to 
sensitive information and/or PII have the responsibility to ensure that FBMS data is shared only with the 
appropriate audience. Rules of Behavior applicable to the end users and developers govern the 
appropriate use of data once it's extracted and shared outside of FBMS. 


XJOther Bureaus/Offices: Describe the bureau/office and how the data will be used. 


FBMS is an enterprise wide application centrally managed by the DOI Business Integration Office. 
Each DOI Bureau/Office has assigned Account Controllers and other administrators that grant access to 
employees who have a need to know in order to perform their official duties. Each Bureau/Office only 
has access to its own information. Users access FBMS via the FBMS Portal. FBMS Transnational 
access 1s restricted only to users who have been granted authorized access. 


FBMS Suite of reporting tools which includes the Business Warehouse (BW), SAP 

Businessobjects Web Intelligence (WEBI), SAP Business Objects OLAP for Analysis and Tableau 
Client/Server. The Businessobjects and Tableau Analytical tools will be used to extract existing data 
from FBMS SAP Business warehouse via Reports. This report data can be used to create data 
visualizations using aggregate, summary level, or detailed data. The output of the analytical tools can be 
shared via the tools themselves, shared drives (google drive, SharePoint etc), email, and other DOI 
security approved data sharing methods. FBMS end users use this approach to share FBMS data, some 
of which may be sensitive information and/or PII. End users and report developers who have access to 
sensitive information and/or PII have the responsibility to ensure that FBMS data is shared only with the 
appropriate audience. Rules of Behavior applicable to the end users and developers govern the 
appropriate use of data once it's extracted and shared outside of FBMS. 


Bureau of Reclamation (BOR) 

Interconnection is established for the purpose of providing system users, located within BOR, access to 
OS/Business Integration Office (BIO) based application. The BOR Budget and Reporting System 
(BARS) supports the budget execution processes of BOR. The primary processes are the Funds Transfer 
and Allocation processes. 


Office of Subsistence Management (OSM) (CFCMS) 
The Coal Fee Collection and Management System (CFMS) supports OSM’s Fee Compliance 
Program. 


Bureau of Land Management (BLM) 

Collection and Billing System (CBS) sends collection and billing files to FBMS to ensure that all 
collections, and all bills, adjustments and reversals posted in CBS are also posted in the FBMS ledger of 
record, and the two systems are kept in sync. 
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Office of Aircraft Services (OAS) - Inbound interface twice a month from the Aviation Management 
Division of DOI containing the charges of all FBMS bureaus for aircraft usage. 


Alaska Fire Store and National Interagency Fire Center - Inbound interfaces, with FBMS receiving 
information regarding newly established Fire Codes, along with descriptive information, project 
definition, and potentially multiple WBS elements for each new Fire Code. The new fire code project 
and associated WBS elements are established for use within FBMS. 


XlOther Federal Agencies: Describe the federal agency and how the data will be used. 


Data is shared and reported to other Federal agencies, including the Department of Treasury, GSA, 
Department of Health and Human Services, and Fedbizopps as required. Data may be shared pursuant 
to the routine uses contained in the published FBMS system of records notices: DOI-86, DOI-87, DOI- 
88, and DOI-89. 


Department of the Treasury 


Automated Standard Application for Payments (ASAP) - FBMS provides grants payment data to the 
ASAP system at Treasury to request payments to grant recipients. The Treasury ASAP system returns a 
payment status file to FBMS with grant payment confirmation information. 


Secure Payment System (SPS) - This is an outbound interface from FBMS to Treasury’s SPS to request 
payments on DOI’s behalf. 


Government Online Accounting Link System (GOALS) - A collection of applications that allows 
Treasury to collect data from and disseminate reports to the Federal Program Agencies. FBMS invoices 
are paid by Treasury. This interface from the Treasury GOALS system to FBMS conveys disbursement 
confirmation information and check cancellation data. This data is used to record the disbursements in 
FBMS. 


The Internet Payment Platform (IPP) - A secure web-based electronic invoicing and payment 
information system provided by the Department of the Treasury’s Financial Management Service. The 
IPP allows Federal agencies to transform their existing paper-based order-to-pay processes into a 
streamlined electronic flow. Federal agencies use the IPP to send electronic purchase orders (POs) to 
suppliers, to receive electronic invoices from suppliers, and for invoice routing and approval workflow. 
The IPP uploads payment remittance information from the Treasury and non-Treasury disbursed 
agencies, allowing agencies and their suppliers to view and download payment information. 


Intra Governmental Payments and Collections (IPAC) - Federal Agencies use the IPAC (Intra 
Governmental Payments and Collections) system to pay for goods and services provided by other 
federal agencies. The inbound IPAC enhancement is intended to provide the ability to record outgoing 
cash transactions in the system to correspond to cash already debited / credited by Treasury. 
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DataBase Management System (DBMS) - The TWALI is a secure infrastructure with Internet and 
dedicated telecommunications connectivity. The DBMS provides support to the TWAI environment 
which includes web servers driven by login residing on an application server. 


Department of Health and Human Services 


Connection between grants.gov and IBC network to allow users data transfer capabilities. IBC provides 
hosting services and support for the HHS core personnel payroll system. FPPS handles all current 
regulations including specialized pay, garnishments, special appointment programs, and more. FPPS is 
the HHS payroll accounting system of record. 


O Tribal, State or Local Agencies: Describe the Tribal, state or local agencies and how the data will be 
used. 


XIContractor: Describe the contractor and how the data will be used. 


Information may be shared with contractors as authorized and outlined in the routine uses contained in 
the FBMS system of records notices: DOI-86, DOI-87, DOI-88, and DOI-89. 


Other Third-Party Sources: Describe the third party source and how the data will be used. 


UNISYS Corporation 

Interconnection is established for the sole purpose of sharing applications with UNISYS. Billing, 
collection, payment, and other financial information, is critical to the timely accomplishment of the 
UNISYS mission 


SAP Public Services 

To allow the FBMS SAP Solution Manager Enterprise Edition instance(s) to communicate with the SAP 
Enterprise Support Services for reporting SAP software malfunctions via error messages to SAP and To 
allow download of SAP Support packages and software releases and SAP Notes. 


CitiBank SmartPay3 

CitiBank is established for the sole purpose of sharing the system for government cardholders and 
administrators to track and report expenses which occur on their Citibank government issued credit 
cards. CitiManager serves as a system for government cardholders and administrators to track and report 
expenses which occur on their CitiBank government issued credit cards. 


ConcurGov Travel System (CGTS) 

CGTS is a web-based, end-to-end travel management system to plan, authorize, arrange, process, and 
manage official federal travel. Connection used to transfer Extensible Markup Language (XML) files 
containing financial and accounting data between OCIO and CGTS. 


1099PRO - FBMS BIO uses 1099PRO Reporting tool for reporting to Internal Revenue Service (IRS) 
payments made to vendors deemed taxable by IRS guidance. The services include electronic filing, 
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printing and mailing of vendor 1099s and acts as a service bureau for preparers wanting to outsource the 
submission and distribution process for their IRS forms filing. 


COMPUSEARCH (Fed-Connect) - Federal vendors enter their invoices through the GovPay web portal 
site. For DOI bureaus supported by FBMS, Fed-Connect then transmits these invoices to FBMS for 
processing. 


GrantSolutions - DOI and GrantSolutions interface is between the GrantSolutions Grants Management 
Module (GMM) and DOI’s SAP-based FBMS financial system. The interface will align with DOI grants 
business process for financial assistance awards. 


. Do individuals have the opportunity to decline to provide information or to consent to the specific 
uses of their PII? 


XlYes: Describe the method by which individuals can decline to provide information or how 
individuals consent to specific uses. 


Yes, Federal employees have the option of not providing information on forms required during the 
application and onboarding process. These official forms contain Privacy Act Statements notifying 
individuals of the authority, purpose and uses of the information. Employees are required by law to 
provide certain types of information, such as name and SSN as a part of the employment process. 
This information is required by applicable Federal statutes, including tax and employment eligibility 
regulations, and are necessary data elements in FBMS. 


Declining to provide this information may affect the employment eligibility and pay status of the 
individual, and other processes and requirements related to employment. 


O No: State the reason why individuals cannot object or why individuals cannot give or withhold their 
consent. 


. What information is provided to an individual when asked to provide PII data? Indicate all that 
apply. 


|Privacy Act Statement: Describe each applicable format. 

Privacy Act Statements are provided when PII is requested directly from individuals on various 
government forms at the time a request is made for goods, services, travel claims, application for grant, 
or other services. 


|Privacy Notice: Describe each applicable format. 


Notice is also provided through publication of this PIA and the FBMS system of records notices: DOI- 
86, DOI-87, DOI-88, and DOI-89. 
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XOther: Describe each applicable format. 


FBMS is a Privacy Act System and authorized users are presented the following Privacy Act Statement 
as a disclaimer at sign on to the FBMS: 


Privacy Act System of Records (FBMS: Financial and Business Management System) 

ACCESS: Access to this information is limited to only those officers and employees of the Department 
of Interior who have a need for the information in the performance of their duties. Disclosure without 
the consent of the subject of the information is restricted unless required by the Freedom of Information 
Act; to those listed in the Federal Register Notice under the "routine use" section; for the purposes 
identified in that section; and to those identified in 43 CFR Part 2 Subpart K §2.231. These records may 
not be altered or destroyed except as authorized by 43 CFR Part 2 §2.68. Please contact your office's 
Privacy Act Officer for advice on disclosure restrictions. CRIMINAL PENALTIES FOR 
DISCLOSURE: The Privacy Act contains provisions for criminal penalties for knowingly and willfully 
disclosing information from this file unless properly authorized. Fines shall not exceed more than 
$5,000. 


O None 


. How will the data be retrieved? List the identifiers that will be used to retrieve information (e.g., 
name, case number, etc.). 


Personal identifiers may be used to retrieve data in FBMS. Due to the open nature of the search fields, 
virtually any type of personal identifier that is described in this document could be used to retrieve 
information on individuals, including the following identifiers: employee ID number (EIN), DUNS 
number, applicant name (company name or person), street address, organization ID, name, phone 
number, fax number, email address, vendor number, vendor name, Social Security number (only for 
DOI employees carried within the vendor file to support travel voucher reimbursement payments), 
charge card information to include last name, first name, and account number. 


Will reports be produced on individuals? 
XYes: What will be the use of these reports? Who will have access to them? 
FBMS can produce the following reports related to individuals: 


Labor Reporting Report identifies labor costs by pay periods, business areas and organizations, or fund 
areas and programs. The reports can drill down to detailed labor cost record information needed to 
verify individual employee labor charges by account assignment. For instance, the system can generate 
detail reports by business area, employee, pay period, to report the number of hours recorded by pay 
code and account assignment. A Labor Interface Specialist may extract reports to ensure proper 
classification and reconciliation of labor charges. 


Charge card reports may assist in tracking budget, supporting 1099 processing, and supporting program 
controls for card settings and defaulting schemes. Access is granted to an Agency/Organization 
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Program Coordinator (AOPC) to create management control reports. Fleet managers have access to 
maintain fleet charge cards, as well run queries and reports on fleet cards under their authority. 


O No 


Section 3. Attributes of System Data 
A. How will data collected from sources other than DOI records be verified for accuracy? 


Most of the data collected from sources other than DOI records come from Federal government agencies 
such as the Department of Treasury and the General Services Administration and is deemed reliable at 
the time it is provided. However, the system performs validation and reconciliation of information at 
each system-to-system interface to ensure that the data is transferred and stored properly, without data 
errors. 


Data integrity checks will be performed by FBMS as incoming and outgoing data is processed through 
the FBMS portal. Both systems will contain data integrity checks to ensure data accuracy. Data that 
conforms to business rule and integrity checks will be posted. Non-conforming data will be posted to a 
suspense file for examination and resubmission upon correction. 


In a few cases, such as credit card and travel data, information is provided by third party vendors. The 
PII included in the data submitted by these vendors is not independently verified; however, any such PII 
is initially supplied by the individuals to the third party, so the data is deemed to be accurate. 


B. How will data be checked for completeness? 


Data will be checked for completeness as it is entered into the system. DOI-defined business rules and 
database integrity will determine if the data is complete. One type of verification of completeness check 
involves creating a list of valid inputs and checking inputs against the table. 


C. What procedures are taken to ensure the data is current? Identify the process or name the 
document (e.g., data models). 


Data is checked to see if it is current and not duplicated by comparing the incoming data with the data 
already in the system. This check is performed when being processed through the FBMS portal. 


Most of the data collected from sources other than DOI record come from Federal government agencies 
such as the Department of Treasury and the General Services Administration and is deemed to be 
current. Third party vendors providing data for FBMS are required to update data when needed. In all 
cases, data is automatically checked for currency by comparing the incoming data with the data already 
in the system as the data is being processed. 


D. What are the retention periods for data in the system? Identify the associated records retention 
schedule for the records in this system. 
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Retention periods for FBMS vary as records in FBMS are maintained by subject matter in accordance 
with the applicable Department-wide, bureau or office records schedule, or General Records Schedule, 
approved by the National Archives and Records Administration (NARA) for each specific type of record 
maintained by the Department. Records retention periods are also subject to litigation holds, court 
orders, and preservation notices issued by the Office of the Solicitor. 


FBMS data is covered under Department-wide Records Schedules, DAA-0048-2013-0001, 1.3-Financial 
and Acquisition Management, and 1.4, Information Technology, which may include short term and long 
term records. Records are temporary and are cut off as instructed in the bureau manual or at the end of 
the fiscal year in which the files are closed, then destroyed 3 years or 7 years after cutoff depending on 
the record. 


. What are the procedures for disposition of the data at the end of the retention period? Where are 
the procedures documented? 


Currently FBMS-Cloud retains all records while FBMS is implementing an Information Lifecycle 
Management (ILM) tool to manage records and data in the system. Records will be disposed of in 
accordance with the applicable record schedule and Departmental policy. Paper records are disposed of 
by shredding or pulping, and records contained on electronic media are degaussed or erased in 
accordance with 384 Departmental Manual 1. 


. Briefly describe privacy risks and how information handling practices at each stage of the 
“information lifecycle” (i.e., collection, use, retention, processing, disclosure and destruction) 
affect individual privacy. 


The major privacy risks associated with FBMS are related to the transfer, maintenance, and use of 
PII. PII contained in FBMS is shared with external organizations or agencies only when 

authorized. Interconnection Security Agreements are maintained between the DOI and organizations 
that have systems connecting to FBMS to ensure that data is maintained in compliance with 
Departmental security control standards and regulations. FBMS has multiple layers of application 
security that protect PII at the role level, which can be applied to a user or groups of users. System 
security roles that provide access to PII are carefully controlled and only assigned by Account 
Controllers to end users in compliance with the standard of least privilege. PII that is maintained in 
FBMS is protected by FIPS compliant Data at Rest encryption at the database level. FBMS users 
complete DOI mandated annual security, privacy, and records management training and sign DOI Rules 
of Behavior to ensure employees with access to sensitive data understand their responsibility to 
safeguard individual privacy. 


FBMS has undergone a formal Assessment and Authorization and has been granted an authority to 
operate in accordance with the Federal Information Security Modernization Act (FISMA) and National 
Institute of Standards and Technology (NIST) standards. FBMS is a cloud system rated as FISMA 
moderate based upon the type of data and it requires strict security and privacy controls to protect the 
confidentiality, integrity, and availability of the sensitive PII contained in the system. A security plan 
was completed to address security controls and safeguards for the FBMS Cloud system. Controls 
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outlined in the FBMS Cloud System Security Plan that adhere to the standards outlined in NIST SP 800- 
53, Recommended Security and Privacy Controls for Federal Information Systems, and includes the use 
of role-based security training, encryption, and maintaining data in secured facilities, among others. 


The use of DOI IT systems is conducted in accordance with the appropriate DOI use policy. IT systems, 
in accordance with applicable DOI guidance. An audit trail of activity will be maintained sufficient to 
reconstruct security relevant events. The BIO follows the least privilege security principle, such that 
only the least amount of access is given to a user to complete their required activity. All access is 
controlled by authentication methods to validate the authorized user. Access to the DOI network 
requires two-factor authentication. Users are granted authorized access to perform their official duties 
and such privileges must comply with the principles of separation of duties. Controls over information 
privacy and security are compliant with and maintained in accordance with OMB A-123, Management’s 
Responsibility for Internal Control, and NIST 800-53 Revision 4, Security and Privacy Controls for 
Federal Information Systems and Organizations. 


Section 4. PIA Risk Review 


A. Is the use of the data both relevant and necessary to the purpose for which the system is being 
designed? 


Yes: Explanation 


FBMS is an enterprise-wide financial management system that consolidates the majority of DOT's 
business and financial management functions. All data contained within the FBMS are necessary for the 
support of DOI Business Process Operations, including, but not limited to, the following: 


Support of the Department’s central accounting tasks, common processing routines and common data 
for many of the system’s financial management functions, acquisition of goods and services, including 
tracking the status of requisitions, purchase orders, and contracts; recording and validating the receipt of 
goods and services; providing information needed to match invoices and issue payments; management 
of the Department’s travel and transportation activities; management of grants and subsidies to state and 
local governments, other organizations, or individuals; physical and accounting control over the 
Department’s personal property; development and improvement of Department owned land, buildings, 
structures, and facilities; and data collection and analysis for performance reporting. 


1099PRO Professional software is used each tax year by FBMS to fulfill 1099, W-2, and other IRS 
documents filing requirements. The benefit of using 1099PRO includes reducing government operating 
costs, providing greater functionality, improving efficiency, and reducing the risk of inputting the wrong 
data for vendors. 


O No 


B. Does this system or electronic collection derive new data or create previously unavailable data 
about an individual through data aggregation? 
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O Yes: Explain what risks are introduced by this data aggregation and how these risks will be 
mitigated. 


XINo 

. Will the new data be placed in the individual’s record? 
O Yes: Explanation 

XINo 


. Can the system make determinations about individuals that would not be possible without the new 
data? 


O Yes: Explanation 
XINo 


. How will the new data be verified for relevance and accuracy? 
FBMS does not derive or create new information about individuals. 


. Are the data or the processes being consolidated? 


O Yes, data is being consolidated. Describe the controls that are in place to protect the data from 
unauthorized access or use. 


Xl Yes, processes are being consolidated. Describe the controls that are in place to protect the data 
from unauthorized access or use. 


FBMS uses the SIEM ArcSight audit log feature that can be used to run reports on individual 
authorized users’ access to and actions within the system. Additionally, FBMS contains a user 


traceability program that can detect unauthorized access attempts or access to files outside of an 
authorized user’s permissions. 


L No, data or processes are not being consolidated. 


. Who will have access to data in the system or electronic collection? Indicate all that apply. 





x] Users 
x] Contractors 





Developers 
System Administrator 
Other: Describe 














X X o 
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Application Administrators 


FBMS system administrators, application administrators, contractors, and users supporting the system 
and performing system maintenance and other related activities may have access to the data in the 
system. 


How is user access to data determined? Will users have access to all data or will access be 
restricted? 


FBMS follows Governmental and Departmental standards for application access controls. All system 
access requires a username and password authentication. The FBMS Access Control Policy outlines the 
requirements for gaining access to FBMS. 


Bureau/Office administrators are responsible for controlling and monitoring access of authorized 
employees. Bureau/Office Administrators and authorized employees will only receive access to data for 
their own Bureau or Office. A user must have a valid DOI Active Directory (AD) account prior to 
submitting a new user registration request. The request is initiated in GRC and processed through 
automated approvals by the requisite parties (Bureau Security Points of Contact (SPOCs) and Bureau 
Account Controllers). The SPOC and Account Controller must approve the new user registration 
request before the user is granted access to FBMS. Once established in the system, account privileges 
can be assigned to users as part of a role based access control security model. Role requests are also 
initiated in GRC and processed through automated approvals involving Bureau Security Points of 
Contact (SPOCs), Bureau Account Controllers, Bureau Internal Controls Coordinators, and Bureau 
Training Coordinators. 


1099PRO data is restricted to only designated authorized users assigned the role to administer and 
process 1099PRO tax documents. 


Are contractors involved with the design and/or development of the system, or will they be 
involved with the maintenance of the system? 


XYes. Were Privacy Act contract clauses included in their contracts and other regulatory measures 
addressed? 


Contractors are responsible for designing and developing the system and with maintaining the 
system. Privacy Act contract clauses are included in all contractor agreements. 


BIO contractors are required to sign nondisclosure agreements as a contingent part of their 
employment and are also required to sign the DOI’s Rules of Behavior and complete security and 
privacy training prior to accessing a DOI computer system or network. Information security and 


role-based security training must be completed on an annual basis as an employment requirement. 


O No 
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J. Is the system using technologies in ways that the DOI has not previously employed (e.g., 
monitoring software, SmartCards or Caller ID)? 


O Yes. Explanation 
XINo 


K. Will this system provide the capability to identify, locate and monitor individuals? 


Yes. Explanation 


FBMS audit logs can be used to run reports detailing an individual user's authorized access and 
actions performed within the system, to include attempts to access files or transactions beyond the 
user’s assigned permissions. The logs capture account creation, modification, disabling, and 
termination in the logs. The application name, date and time is captured, item ID, type, location, 
event type date and action taken on item is captured in the logs. Audit logs are enabled on all host 
and server systems as well as the firewalls and other network perimeter security devices and IDS. 
All logs automatically roll up to the ArcSight system for consolidation, analysis, retention, and 
reporting purposes. The ArcSight logger is configured to automatically email the OCIO Security 
Operations staff for any high severity events. 


O No 
L. What kinds of information are collected as a function of the monitoring of individuals? 


FBMS audit logs can be used to run reports detailing an individual users’ authorized access and actions 
performed within the system, to include attempts to access files or transactions beyond the user’s 
assigned permissions. The logs capture account creation, modification, disabling, and termination in the 
logs. The application name, date and time is captured, item ID, type, location, event type date and 
action taken on item is captured in the logs. Audit logs are enabled on all host and server systems as 
well as the firewalls and other network perimeter security devices and IDS. All logs automatically roll 
up to the ArcSight system for consolidation, analysis, retention, and reporting purposes. The ArcSight 
logger is configured to automatically email the OCIO Security Operations staff for any high severity 
events. 


M. What controls will be used to prevent unauthorized monitoring? 


Controls outlined in the FBMS System Security Plan that adhere to the standards outlined in NIST SP 
800-53, Recommended Security and Privacy Controls for Federal Information Systems, are in place to 
prevent unauthorized monitoring. This includes the use of role-based security training, encryption, and 
maintaining data in secured facilities, among others. FBMS assigns roles based on the principles of least 
privilege and performs due diligence toward ensuring that separation of duties is in place. 
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Monthly scans of the network are performed to ensure that changes do not occur that would create an 
exposure or weakness in the security configuration of any FBMS assets. FBMS IT systems maintain an 
audit trail of activity sufficient to reconstruct security relevant events. The audit trail will include the 
identity of each entity accessing the system; time and date of access (including activities performed 
using a system administrator’s identification); and activities that could modify, bypass, or negate the 
system’s security controls. Audit logs are reviewed on a regular basis and any suspected attempts of 
unauthorized access or scanning of the system are reported immediately to IT Security. 


Only authorized users with valid DOI Active Directory credentials will be able to access the system. In 

addition, all users must consent to Rules of Behavior and complete Federal Information System Security 
Awareness, Privacy and Records Management training before being granted access to the DOI network 

or any DOI system, and annually thereafter. 


FBMS-Cloud has Single Sign-On (SSO) enabled, users who log onto the DOI network can access the 
Privacy Policy via the link located at the bottom of the FBMS, Enterprise Portal page or the DOILGOV 
website. Users must use PIV card and can only access FBMS-Cloud within the DOI network. 


FBMS is a Privacy Act System and authorized users are presented the following warning prior to 
signing in to the Application: Privacy Act System of Records (FBMS: Financial and Business 
Management System) ACCESS: Access to this information is limited to only those officers and 
employees of the Department of Interior who have a need for the information in the performance of their 
duties. Disclosure without the consent of the subject of the information is restricted unless required by 
the Freedom of Information Act; to those listed in the Federal Register Notice under the “routine use” 
section; for the purposes identified in that section; and to those identified in 43 CFR Part 2 Subpart K 
§2.231. These records may not be altered or destroyed except as authorized by 43 CFR Part 2 §2.68. 
Please contact your office's Privacy Act Officer for advice on disclosure restrictions. CRIMINAL 
PENALTIES FOR DISCLOSURE: The Privacy Act contains provisions for criminal penalties for 
knowingly and willfully disclosing information from this file unless properly authorized. Fines shall not 
exceed more than $5,000. 


FBMS users are presented with the following Terms and Conditions of Use prior to signing on to the 
application: Terms and Conditions of Use 


This computer system, including all related equipment, networks, and network devices (including 
Internet access), is provided by the Department of the Interior (DOT) in accordance with the agency 
policy for official use and limited personal use. All agency computer systems may be monitored for all 
lawful purposes, including but not limited to, ensuring that use is authorized, for management of the 
system, to facilitate protection against unauthorized access, and to verify security procedures, 
survivability and operational security. Any information on this computer system may be examined, 
recorded, copied and used for authorized purposes at any time. All information, including personal 
information, placed or sent over this system may be monitored, and users of this system are reminded 
that such monitoring does occur. Therefore, there should be no expectation of privacy with respect to 
use of this system. By logging into this agency computer system, you acknowledge and consent to the 
monitoring of this system. Evidence of your use, authorized or unauthorized, collected during 
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monitoring may be used for civil, criminal, administrative, or other adverse action. Unauthorized or 


illegal 


use may subject you to prosecution. 


N. How will the PII be secured? 


(1) Physical Controls. Indicate all that apply. 























OX OUORORRRO X 


Security Guards 

Key Guards 

Locked File Cabinets 
Secured Facility 
Closed Circuit Television 
Cipher Locks 
Identification Badges 
Safes 

Combination Locks 
Locked Offices 
Other. Describe 


(2) Technical Controls. Indicate all that apply. 
































bd 
XJ 
bd 
XJ 
0 
XJ 
XJ 
O 
bd 
XJ 


Password 
Firewall 
Encryption 
User Identification 
Biometrics 
Intrusion Detection System (IDS) 
Virtual Private Network (VPN) 
Public Key Infrastructure (PKI) Certificates 
Personal Identity Verification (PIV) Card 
Other. Describe TLS 


(3) Administrative Controls. Indicate all that apply. 


























xk ki xK K NM X 





Periodic Security Audits 

Backups Secured Off-site 

Rules of Behavior 

Role-Based Training 

Regular Monitoring of Users’ Security Practices 

Methods to Ensure Only Authorize Personnel Have Access to PII 
Encryption of Backups Containing Sensitive Data 
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Mandatory Security, Privacy and Records Management Training 
O Other. Describe 


O. Who will be responsible for protecting the privacy rights of the public and employees? This 
includes officials responsible for addressing Privacy Act complaints and requests for redress or 
amendment of records. 


The Director, Office of Financial Management as the FBMS Information System Owner and the official 
responsible for oversight and management of the FBMS security and privacy controls and the protection 
of information processed and stored by the FBMS system. The Information System Owner and the 
FBMS Privacy Act System Manager(s) are responsible for ensuring adequate safeguards are 
implemented to protect individual privacy in compliance with Federal laws and policies for the data 
managed and stored in FBMS, and for protecting the privacy rights of the public and employees for the 
information they collect, maintain, and use in the system, as well as meeting the requirements of the 
Privacy Act, providing adequate notice, making decisions on Privacy Act requests for notification, 
access, amendments, and complaints in consultation with DOI Privacy Officials. 


P. Who is responsible for assuring proper use of the data and for reporting the loss, compromise, 
unauthorized disclosure, or unauthorized access of privacy protected information? 


The FBMS Information System Owner is responsible for oversight and management of the FBMS 
security and privacy controls, and for ensuring to the greatest possible extent that FBMS data is properly 
managed and that all access to data has been granted in a secure and auditable manner. The Information 
System Owner is also responsible for ensuring that any loss, compromise, unauthorized access or 
disclosure of PII is reported to DOI-CIRC, US-CERT, and privacy officials within 1-hour of discovery 
in accordance with Federal policy and established procedures. 
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